Meeting data security risks and cyber threats head-on. That's how Hinshaw helps.
In today's technology-dependent and information-intensive world, businesses of every size — from startups and privately held companies to major insurers and multinational corporations — face similar cyber and privacy risks. For too many enterprises, especially those with lean or non-existent legal departments, the tipping point between preparedness and exposure often lies in the resources available to address these issues.
At Hinshaw, our attorneys understand the emerging digital assets and technologies that power modern business. We are actively engaged thought leaders in the evolving regulatory-compliance and law-enforcement landscape. Perhaps most important, we know how to design, implement, evaluate and update cost-effective cyber-preparedness strategies and insurance policies that mitigate risk and help clients respond quickly and decidedly when a data or privacy breach occurs.
We advise clients from across the industry spectrum, including:
- Financial services
- Government contracting
- Third-party payroll and human resources
Areas of Focus Include:
Data Security and Privacy Legal Services
We help organizations of all sizes with their data security and privacy legal needs. Whether you need to—ensure that a new product is designed with privacy controls built-in—or address how to legally collect personally identifiable information from consumers—or make sure that the business' security controls meet the current "reasonableness" standard—our team offers holistic data security and privacy legal counseling to address every facet.
We regularly help clients by:
- Creating or reviewing privacy compliance programs
- Advising on regulatory issues with existing privacy and data security laws and preparing to respond to new and updated laws and regulations
- Counseling to identify and address privacy and data security risks with various types of products
- Drafting privacy policies and related contractual terms, including terms of service, website disclaimers, data security addendums, and data transfer agreements
Proactive Cyber Legal Defense
The question is no longer IF an organization will be the victim of a cyber incident, but WHEN. Our proactive cyber legal defense team helps organizations of all sizes prepare for that awful day before it happens to put them in the best possible position to respond to and mitigate the effects of a cyber incident. Too many businesses, organizations, municipalities, and other entities belatedly realize that they are not "too small" or "too low-profile" to be targeted by hackers, disgruntled employees, or other cybercriminals. Lack of preparation is often more costly and increases the potential for more severe consequences stemming from a cyber incident .
We take a clear-eyed look at your cyber risks and implement practical, affordable strategies that achieve a number of key goals:
- Creating a cybersecurity risk framework to identify unique and specific cyber risks and strategies to address issues head-on
- Ensuring that compliance with privacy and data security-related laws and regulations are comprehensively addressed
- Preparing and testing various cybersecurity policies and procedures, including a cyber incident response plan, to be as ready as possible for that dreaded day; this includes establishing simulations, red team events, and tabletop exercises for cyber incident response
- Demonstrating a cybersecurity posture and reviewing insurance coverages for these risks
- Educating the C-Suite and other stakeholders about the potential threats, effective mitigation and prevention procedures, and how to respond to a cyber incident
Cyber Incident Response
When a cyber incident occurs, we help clients take rapid action to address the incident and mitigate the damage. This includes deploying the incident response plan and ensuring the proper forensic team is retained to respond to the incident. It may also include the creation of breach hotlines, secure portals, and messaging systems to communicate quickly, clearly, and safely. We work closely with stakeholders to ensure compliance with relevant legal and contractual notification requirements and when needed, with law enforcement officials to provide critical information that can help stop information loss and apprehend cybercriminals.
We partner with members of the incident response team to ensure the creation of accurate and detailed audit trails to document response efforts and to prepare for potential litigation and regulatory inquiries. We also advise media- and public-relations teams and outside PR advisors on the development of appropriate messaging and statements that provide all necessary information without increasing potential exposure.
We manage the activity of response teams at three key stages:
- Initial incident triage and coordination of forensic vendors, insurance providers, and other parties
- Oversight of forensic investigations and engagement with law enforcement, as needed
- Closing out the incident and conducting "lessons learned" process-improvement reviews
Digital Asset Management and Emerging Technology
Digital assets such as cryptocurrencies, non-fungible tokens (NFTs) and distributed-ledger and blockchain technology, as well as artificial intelligence (AI), machine learning, biometrics, and other emerging technologies, are evolving quickly and being adopted rapidly by businesses and individuals. Although legislatures and regulatory bodies worldwide are making efforts to tighten oversight of these resources, many legal and cyber-security issues remain unresolved.
Drawing on our attorneys' deep experience with these technologies, we help clients develop and implement policies that enable them to realize the benefits of these innovative assets while mitigating potential risks. Among other services, we conduct legal liability reviews, prepare unique and novel contract language, resolve business disputes, help ensure compliance with current and forthcoming regulations, and provide broad-ranging intellectual property counsel.
- Shalini Bhasker
- Christopher D. Blum
- Danielle M. Costello
- Michael A. Dowell
- Annmarie Giblin
- Anthony J. Jacob
- Russell A. Klingaman
- Johnathon C. Koechley
- Spencer Y. Kook
- David H. Levitt
- Erin Fury Parkinson
- Steven M. Puiszis
- Vaishali S. Rao
- Daniel K. Ryan
- John P. Ryan
- Scott M. Seaman
- Mark K. Suri
- Jonathan M. Yee
- Todd M. Young
- September 22, 2022
- Hinshaw's Annmarie Giblin and Laura Knittle Discuss Cyber Insurance Protection at the 6th Annual EdTech Conference for Independent SchoolsJune 23, 2022
- June 1, 2022
- February 17, 2022
- July 27 – 28, 2021
- Dustin Alonzo to Discuss Protecting Client Information in Times of COVID at New Orleans Bar Association WebinarDecember 15, 2020
- September 29, 2022
- September 9, 2022
- Corporate Counsel Magazine Reports on Remarks by Annmarie Giblin Regarding Cybersecurity Risks of Remote WorkAugust 12, 2022
- May 16, 2022
- Annmarie Giblin Explains How Treating Data as Property Could Open the Door to Novel Data Litigation ClaimsMay 12, 2022
- March 7, 2022
Hinshaw's Data Privacy & Cybersecurity team is dedicated to bringing you best practices and offering tips that we believe will be of value to any business, particularly those affected by cyber and data privacy regulations.
The arena of cyber and data privacy is a busy one. Below you will find highlighted content and our most recent posts.
- August 23, 2022
- August 9, 2022
- July 26, 2022
- FTC Overhauls Safeguards Rule Regarding Customer Information Applicable to Auto-Dealers and Other "Financial Institutions"December 2, 2021
- FTC to Increase Enforcement Against Illegal Dark Patterns Targeting Consumers with Subscription SchemesNovember 3, 2021
- October 12, 2021